We have inspected Nullhexxx, a malware discovered while analyzing samples submitted to VirusTotal, and found that it operates as ransomware. Nullhexxx encrypts files, appends an email address and the victim's ID to filenames, changes the desktop wallpaper, and provides a ransom note ("READ-ME-Null
This "Tornado Cash" scam refers to deceptive websites that imitate the Tornado Cash (TornadoCash) platform. These fake pages are not associated with this cryptocurrency tumbler. The scam sites aim to trick users into exposing their wallets to a crypto drainer, and victims experience financial loss
Our examination of the site has revealed that it hosts a technical support scam where fake pop-ups appear to trick unsuspecting visitors into taking certain actions. Usually, such scams use fear tactics to deceive individuals. If this or a similar scam website is encountered, it should be ignore
Our researchers found the ZasifrovanoXTT2 malicious program while inspecting new submissions to the VirusTotal website. This software is part of the Xorist ransomware family. Malware of this kind encrypts data and demands payment for the decryption. On our test machine, ZasifrovanoXTT2 encrypted
We have tested AnalyzerAccess and discovered that it delivers annoying advertisements. For this reason, we classified AnalyzerAccess as adware. Our other finding is that this app has been flagged as malicious, which means it can display deceptive ads designed to open untrustworthy websites.
We have inspected RestoreBackup (which we discovered during analysis of malware samples submitted to VirusTotal) and determined that it is ransomware designed to encrypt files. In addition to blocking access to files, RestoreBackup renames them (by appending ".{random_string}.restorebackup") and d
During our inspection of PrimaryAnalyzer, we found it to be an advertising-supported application designed to deliver advertisements. We also learned that a number of security vendors have flagged PrimaryAnalyzer as malicious. This means that ads from PrimaryAnalyzer can be deceptive and promote
While investigating suspicious websites, our researchers discovered the sparefastads[.]top rogue page. It promotes browser notification spam and redirects users to other (likely unreliable/hazardous) sites. Most visitors access sparefastads[.]top and similar webpages via redirects caused by websit
Our researchers found the derenmon.co[.]in rogue page while browsing questionable websites. After examining this webpage, we determined that it is designed to promote browser notification spam and redirect users to other (likely dubious/malicious) sites. Derenmon.co[.]in and similar pages are prim
Our researchers discovered the FMLN ransomware while inspecting file submissions to the VirusTotal site. This kind of malware is designed to encrypt data and demand payment for the decryption. On our testing system, FMLN encrypted files and renamed them according to this patten – "[original_filen